When endpoints make calls from a public network into an enterprise network, the enterprise network will typically have a firewall to protect it. For example, the enterprise network may have a Network Address Translator (NAT) and/or a Session Border Controller (SBC) to provide network address translation and network security. NATs use a technique called latching to traverse the firewall, as described in Internet Engineering Task Force (IETF) RFC 7362, “Latching: Hosted NAT Traversal (HNT) for Media in Real-Time Communication,” September 2014, which is incorporated herein in its entirety by reference. The NAT listens on the public-side IP address and/or port that it advertised in the Session Description Protocol (SDP) exchange and then latches on to the source IP address and port of the media (at the accessible side of the firewall) when Real-time Transport Protocol (RTP) media begins to stream.
However, because the NAT latches on to the first media stream that arrives at that IP address and/or port, this may open up the enterprise to denial of service attacks. Malicious entities can continuously flood all the ports on the public side of the NAT in a denial of service attack, causing the NAT to latch on to an invalid media stream. Alternatively, malicious entities can monitor incoming traffic and send a packet to the advertised IP address/port, likewise causing the NAT to latch on to an invalid media stream. Because the NAT has latched on to an invalid media stream, the improper latching prevents legitimate endpoints from establishing calls to the enterprise network.
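As an added illustration that is not part of the original document, the following Python simulation models the first-packet latching behaviour described above beside a hardened latcher. The hardening rules (an RTP header sanity check against the negotiated payload type, and requiring the media source IP to match the public IP the signaling came from), the class names and all addresses are constructed assumptions for this example, not a description of any particular product.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Packet:
    src_ip: str
    src_port: int
    payload: bytes


@dataclass
class NaiveLatcher:
    """Latches to whatever packet arrives first on the advertised public port."""
    latched: Optional[Tuple[str, int]] = None

    def receive(self, pkt: Packet) -> bool:
        if self.latched is None:
            self.latched = (pkt.src_ip, pkt.src_port)
        return self.latched == (pkt.src_ip, pkt.src_port)


def looks_like_rtp(payload: bytes, expected_pt: int) -> bool:
    """Minimal RTP sanity check: 12-byte fixed header, version 2, and the
    payload type negotiated in SDP (the expected PT is an assumption here)."""
    if len(payload) < 12 or (payload[0] >> 6) != 2:
        return False
    return (payload[1] & 0x7F) == expected_pt


@dataclass
class HardenedLatcher:
    """Latches only to RTP-shaped media for the negotiated payload type that
    arrives from the same public IP the SIP signaling came from."""
    signaling_ip: str
    expected_pt: int
    latched: Optional[Tuple[str, int]] = None

    def receive(self, pkt: Packet) -> bool:
        if self.latched is None:
            if pkt.src_ip != self.signaling_ip or not looks_like_rtp(pkt.payload, self.expected_pt):
                return False  # dropped; no latch is established
            self.latched = (pkt.src_ip, pkt.src_port)
        return self.latched == (pkt.src_ip, pkt.src_port)


def rtp_packet(pt: int, seq: int) -> bytes:
    """Constructed RTP header: V=2, no padding/extension/CSRC, given PT and sequence."""
    return bytes([0x80, pt]) + seq.to_bytes(2, "big") + bytes(8)


# Constructed scenario: a junk packet from an unrelated host arrives first,
# then legitimate RTP from the endpoint whose signaling came from 198.51.100.7.
JUNK = Packet("203.0.113.9", 40000, b"\x00" * 12)
LEGIT = Packet("198.51.100.7", 51000, rtp_packet(0, 1))


def run_scenario(latcher) -> Tuple[bool, bool]:
    """Returns (junk_accepted, legit_accepted) after both packets arrive in order."""
    return latcher.receive(JUNK), latcher.receive(LEGIT)
```

With the naive latcher the junk packet wins the latch and the legitimate media is discarded; the hardened latcher drops the junk and latches to the legitimate stream.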